1. Technical Field
This invention relates to the field of telecommunications and, more particularly, to a security overlay scheme using internet protocol (IP) address hopping.
2. Description of the Related Art
Wireless transmissions are easier to intercept than transmissions over wired networks. The 802.11 standard currently specifies the Wireless Equipment Privacy (WEP) security protocol to provide encrypted communication between a client and an access point (AP). WEP employs the symmetric key encryption algorithm, Ron's Code 4 Pseudo Random Number Generator (RC4 PRNG).
Under WEP, all clients and APs on a wireless network use the same key to encrypt and decrypt data. The key resides in the client computer and in each AP on the network. The 802.11 standard does not specify a key management protocol, so all WEP keys on a network must be managed manually. Support for WEP is standard on most current 802.11 cards and APs. WEP security is not available in ad hoc (or peer-to-peer) 802.11 networks that do not use APs. WEP specifies the use of a 40-bit encryption key and there are also implementations of 104-bit keys. The encryption key is concatenated with a 24-bit “initialization vector,” resulting in a 64- or 128-bit key. This key is input into a pseudorandom number generator. The resulting sequence is used to encrypt the data to be transmitted. The problem with this is that it is still possible for a user to intercept the key and then decrypt the transmissions on the 802.11 network.
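The following Python block is an added illustration (not part of the patent text) of the WEP construction just described: a 24-bit initialization vector is concatenated with a 40-bit shared key, the 64-bit result seeds the RC4 pseudorandom generator, and the generated sequence is XORed with the frame body. The key, IV and plaintext values are constructed for the example; the RC4 routine itself is the standard key-scheduling and generation algorithm. The last function shows the consequence of what the paragraph states: because the IV travels in the clear and the key is shared by every station, anyone holding the key reproduces the same sequence and decrypts, and two frames sent under the same IV and key are masked by an identical sequence.

```python
# Added example: WEP-style RC4 keystream encryption (educational, not the patent's code).
# Constructed sample values: a 40-bit key, a 24-bit IV and a short plaintext.

KEY = bytes.fromhex("0102030405")   # 40-bit shared key (constructed)
IV = bytes.fromhex("aabbcc")        # 24-bit initialization vector (constructed)
PLAINTEXT = b"hello from the AP"    # frame body (constructed)


def rc4_keystream(seed: bytes, length: int) -> bytes:
    """Standard RC4: key-scheduling (KSA) then pseudo-random generation (PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # KSA: permute S under the seed
        j = (j + s[i] + seed[i % len(seed)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):                   # PRGA: emit one keystream byte per step
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def wep_seed(iv: bytes, key: bytes) -> bytes:
    """IV (24 bits) || key (40 or 104 bits) -> 64- or 128-bit RC4 seed, as the text describes."""
    if len(iv) != 3:
        raise ValueError("WEP IV must be 24 bits (3 bytes)")
    if len(key) not in (5, 13):
        raise ValueError("WEP key must be 40 or 104 bits (5 or 13 bytes)")
    return iv + key


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Return IV (sent in the clear) followed by plaintext XOR keystream."""
    keystream = rc4_keystream(wep_seed(iv, key), len(plaintext))
    return iv + xor_bytes(plaintext, keystream)


def wep_decrypt(key: bytes, frame: bytes) -> bytes:
    """Any holder of the shared key regenerates the keystream from the cleartext IV."""
    iv, body = frame[:3], frame[3:]
    keystream = rc4_keystream(wep_seed(iv, key), len(body))
    return xor_bytes(body, keystream)


def same_iv_gives_same_mask(key: bytes, iv: bytes, p1: bytes, p2: bytes) -> bool:
    """Same key and IV -> same keystream, so c1 XOR c2 == p1 XOR p2 (the mask cancels).

    This is the caveat a defender records: the 24-bit IV space is small, and the
    shared key is static under manual key management, so repeats are inevitable."""
    c1 = wep_encrypt(key, iv, p1)[3:]
    c2 = wep_encrypt(key, iv, p2)[3:]
    n = min(len(p1), len(p2))
    return xor_bytes(c1[:n], c2[:n]) == xor_bytes(p1[:n], p2[:n])


if __name__ == "__main__":
    frame = wep_encrypt(KEY, IV, PLAINTEXT)
    print("frame (IV || ciphertext):", frame.hex())
    print("recovered with shared key:", wep_decrypt(KEY, frame))
    print("same IV reuses keystream:", same_iv_gives_same_mask(KEY, IV, PLAINTEXT, b"second frame body"))
```

The round trip shows why the paragraph's closing sentence holds: possession of the single network-wide key is sufficient to read every frame, since nothing else in the construction is secret.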
Several U.S. Patents discuss the use of multiple IP addresses, but for different purposes or for similar purposes in quite a different manner. U.S. Pat. No. 6,128,298 entitled “Internet Protocol Filter” describes a technique to separate the public Internet IP addresses from a private intranet by using a single IP address to the Internet and a plurality of ports on the intranet to solve the problem of IP address conservation. It does not describe a scheme in which the IP address hops under control of a shared secret to secure transactions on a wireless network.
U.S. Pat. No. 6,009,474 entitled “Method and Apparatus for Re-assigning Network Addresses to Network Servers by Re-configuring a Client Host Connected ThereTo” discusses a method and apparatus for re-assigning IP addresses to a group of servers by re-configuring a client host coupled to those servers.
U.S. Pat. No. 5,101,374 entitled “Secure Fast Storage Retrieval without Interactive Checking” describes a technique for secure retrieval of information from a storage device.
U.S. Pat. No. 6,249,820 B1 entitled “Internet Protocol IP Work Group Routing” describes a method and apparatus where multiple router interfaces are assigned the same IP network address, creating an IP work group. None of the references listed above describes a scheme in which the IP address hops under control of a shared secret to secure transactions on a wireless network or a wired network.
Publication RD-428117 describes a technique for using different IP addresses to avoid a security risk due to snooping. This technique describes how a VPN can send bogus data to multiple alternate IP addresses and send good data to the valid IP address. Thus, someone snooping would not be able to determine which IP address carried the valid data. Publication RDN428 similarly describes a technique for using different IP addresses to avoid a security risk due to snooping, in the same manner: the VPN sends bogus data to multiple alternate IP addresses and good data to the valid IP address, so a snooper cannot determine which address carried the valid data. None of the publications listed above describes a scheme in which the IP address hops under control of a shared secret to secure transactions on a wireless or a wired network.
Thus, a need exists for providing added security on communication links that may already provide some form of security through encryption of the transferred data. Although several systems using multiple IP addresses may exist, none of the existing systems utilizes a hopping IP address to secure, and inherently authenticate, data transactions across communication links.